Jon, Sorry for the lack of information, we've been trying to fix as many exploits as possible. In light of your message, instead of releasing all fixes at once, we will release the first batch of fixes (approximately 24) ASAP (ie. hopefully in the next couple of days) and then follow that up with the rest. Mike Almond. > From: Jon Mitchell <jrmat_private> > > The following was stated by mikeaat_private: > > > SCO is working on investigating and fixing the recent > > vulnerabilities reported here (namely the 19 buffer > > overflows, Xt and lpr exploits). We will have a patch > > for OpenServer 5.0.5 in two weeks, which will be available > > from http://www.sco.com/security/. > > I want to point out that it has been four weeks since this post and not a > single thing has changed on the URL above. However, on the BUGTRAQ side > of things several more exploits for Openserver 5.0.5 have been posted as > well as a Unixware 7.1 exploit. (Thank you Brock for all the work you've > done to help improve SCO's security) > > Although there have been several posts by people knowledgeable about SCO > saying that work is being done, there are no new patches available on > their website. > > I realize that fixing this many issues takes time, but since time is of > the essence in keeping systems secure, couldn't incremental fixes or > workarounds be released (ala hotfixes)? Those of us who have to support > SCO systems would certainly appreciate it. Four weeks really should be > enough time to at least post a message saying those people who do not need > to be using SCO Doctor or some other such Skunkware utility should > uninstall it until patches can be made. Not all of us in support want to > wait six months for the next release supplement to fix problems critical > to our systems. > > -- > Jon Mitchell > Systems Engineer, Subject Wills and Company > jrmat_private > > -- These views are mine and should not be attributed to my employer -- >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:14 PDT